Computer security is a growing necessity. A primary challenge for network intrusion detection systems is analyzing the volume of network traffic they receive and sifting out the attack-related traffic. This becomes an even more difficult task with network speeds in the multi-gigabit range. The sheer volume of data typically limits the types of analysis that can be done at wire speeds, resulting in less reliable attack detection. The more specifically an attack can be identified, the more computationally expensive the intrusion detection process can be.
What is needed is a technique for optimizing performance and accuracy while still being able to analyze the large number of events that can occur. The present invention addresses such a need.